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Response to Arguments 

1 . Applicant's arguments filed 2/9/2009 have been fully considered but they 
are not persuasive. 

Applicant argues that none of Aura, Buhle, or Jamtgaard teach or suggest 
"receiving... from the mobile device. ..a gateway group identifier for a carrier 
gateway that is associated with the mobile device request, as recited by at least 
claim 1 ." Claim 1 , however, does not recite that the gateway group identifier is 
received from the mobile device. The entire limitation in question reads 
"receiving a request from the mobile device, wherein the request includes 
associated information and further receiving a gateway group identifier for a 
carrier gateway that is associated with the mobile device request". One will see 
here that the gateway group identifier is not received in the request and need not 
be received from the mobile device. This is further clarified in other independent 
claims, such as claim 18, for example. The pertinent limitation of claim 18 reads 
"sending a request to the server for content, wherein the request includes an 
identifier associated with a user agent, and wherein a carrier gateway associated 
with the request further provides a gateway group identifier". As is clear in this 
limitation, the gateway provides the gateway group identifier, and not the mobile 
device. While claim 1 is broader in that it does state the entity that provides the 
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gateway group identifier, claim 1 in no way claims that the mobile device sends 
the gateway group identifier in any manner. 

Buhle discusses gateway group identifiers used in determining if the 
gateway is trustable above a defined level. This is found in the authentication of 
the middle-tier servers, and the determination of trust level based on the 
combination of the client's trust level and the middle-tier server's trust level. 
Column 5, lines 25-36, for example, describes the middle-tier server (in this case 
referred to as application server 204, as seen in figure 2) being authenticated by 
use of credentials, such as X.509 certificates, tickets such as those generated in 
Kerberos, username/password combinations, or the like, which clearly correlate 
to and/or include gateway group identifiers (username of the application or 
middle-tier server would correlate to the gateway group identifier, while a 
certificate would include the gateway group identifier used to identify and 
authenticate the application or middle-tier server). Column 6, lines 1-19 discuss 
how the particular combination of client and middle-tier server defines the level of 
trust given to the connection. If the client is more trusted than a middle-tier 
server, the client will be given additional trust when connecting to the data server 
directly, and less trust when connecting to the data server through the middle-tier 
server. Furthermore, when the middle-tier server is more trusted that the client, 
the client may obtain a higher level of trust by going through the middle-tier 
server as opposed to directly connecting to the data server, thereby obtaining 
additional privileges or roles. As one can see from the above, the middle-tier 
server authentication/identification parameters clearly correspond to and/or 
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include a gateway group identifier in determining if a gateway is trustable above 
a defined level. 

Applicant also argues that the references fail to teach or suggest 
"automatically determining at least one level of trust from a plurality of different 
levels of trust based, in part, on the associated information..." where the 
associated information is received in a request from the mobile device. As has 
been explained before, Aura teaches levels of trust that may be determined 
based on associated information sent with a request (e.g. the credential sent with 
the request, which could define the level of trust for credential authenticated 
access, column 5, lines 58-64). The credential can specify a limited level of trust, 
wherein, if the mobile node undergoes full authentication, a greater level of trust 
may be granted. The teachings of Jamtgaard with respect to this argument were 
fully discussed in the final office action dated 5/28/2008, and are not reiterated 
here, as no further arguments have been provided. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 
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2. Claims 1,3,4, 9-1 2,14,1 5, 26-30, 32, 35-38, and 40-45 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over Aura (U.S. Patent 6,947,725) 
in view of Jamtgaard (U.S. Patent 6,430,624) and Buhle (U.S. Patent 6,286,104). 
Regarding Claim 1, 

Aura discloses a method of managing a communication with 
a mobile device over a network, comprising: 

Receiving a request from the mobile device, wherein the 
request includes associated information (Column 5, line 58 to 
Column 6, line 13; and Column 7, line 42 to Column 8, line 23) and 
further receiving a gateway group identifier for a carrier gateway 
that is associated with the mobile device request (Column 4, lines 
32-65; Column 9, line 43 to Column 10, line 27; and Column 13, 
line 64 to Column 15, line 6); 

Automatically determining at least one level of trust from a 
plurality of different levels of trust based, in part, on the associated 
information (Column 5, line 58 to Column 6, line 13; and Column 7, 
line 42 to Column 8, line 23), and based on: 

Using the associated information, determining is a trusted 
mobile device identifier associated with the mobile device is 
received (Column 9, line 43 to Column 1 0, line 27; and Column 1 3, 
line 64 to Column 15, line 6); 

If the trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
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trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 

If the mobile device is enabled to access the Internet, then 
determining at least a third level of trust associated with the mobile 
device (Column 3, line 31 to Column 4, line 1 1 ; Column 7, line 42 to 
Column 8, line 23; and Column 9, lines 4-19); 

Determining at least one device signature for the mobile 
device based on the at least one level of trust from the plurality of 
different levels of trust, and independent of user authentication, the 
at least one device signature being usable to enable to mobile 
device to perform an action over the network associated with the 
request (Column 7, line 42 to Column 8, line 23; and Column 9, line 
43 to Column 10, line 27); 

But does not explicitly disclose determining if the mobile 
device is enabled to accept a cookie and determining at least a 
second level of trust based on such determination, determining if 
the mobile device is enabled to interact with a URL and determining 
at least a third level of trust based on such determination, or 
determining if the gateway is trustable above a defined level using 
the gateway group identifier. 

Jamtgaard, however, discloses using associated information 
of a request, determining a capability of the mobile device, 
including if the mobile device is enabled to accept a cookie and/or 
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is enabled to interact with a URL (Column 5, lines 27-53; Column 8, 
line 4 to Column 9, line 22; and Column 14, lines 4-20); 

If the mobile device is enabled to accept a cookie, then 
determining at least a second level of trust associated with the 
mobile device (Column 5, lines 27-53; Column 8, line 4 to Column 
9, line 22; and Column 14, lines 4-20); and 

If the mobile device is enabled to interact with a URL, then 
determining at least a third level of trust associated with the mobile 
device (Column 5, lines 27-53; Column 8, line 4 to Column 9, line 
22; and Column 14, lines 4-20). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to 
incorporate the capability determination and translation system of 
Jamtgaard into the mobile authentication system of Aura in order to 
allow the system to determine device capabilities and to translate 
data accordingly so that the device can receive properly formatted 
data that the device can understand, while allowing capabilities that 
the device does not have to be run by a proxy system, thereby 
providing use of the capabilities even when the device itself cannot 
perform such capabilities. 

Buhle, however, discloses receiving a gateway group 
identifier for a gateway that is associated with the mobile device 
request; using the gateway group identifier to determine if the 
gateway is trustable above a defined level; and determining levels 
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of trust based on both a device ID and whether the gateway is 
trustable above a defined level (Column 5, line 25 to Column 6, line 
25; Column 6, lines 61-67; and Column 8, lines 20-52). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the authentication and 
authorization system of Buhle into the mobile authentication system 
of Aura as modified by Jamtgaard in order to provide a highly 
dynamic system of roles and permissions such that a device 
connecting directly to a data server will have one set of 
roles/permissions and when the device connects through certain 
middle-tier servers, the roles and permissions change based on 
each server through which the connection is made, thereby 
providing a high degree of security, auditing, and dynamic system 
behavior based upon how the user connects to the system. 

Regarding Claim 3, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses that the associated 
information comprises at least one of a device identifier, user agent 
information, and an indication that the mobile device is enabled to 
accept a cookie (Column 9, line 43 to Column 10, line 27; and 
Column 13, line 64 to Column 15, line 6). 

Regarding Claim 4, 
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Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 3, in addition, Aura discloses that the associated 
information further comprises at least one of a gateway group 
identifier and a subscription identifier (Column 9, line 43 to Column 
10, line 27; and Column 13, line 64 to Column 15, line 6). 
Regarding Claim 9, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses that the mobile 
device identifier is at least one of a MIN, ESN, application serial 
number, or a mobile telephone number (Column 13, line 64 to 
Column 15, line 6). 
Regarding Claim 10, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses that determining at 
least one device signature further comprises if the first level of trust 
is determined, determining a first tier device signature based, in 
part, on a hash of at least one of a subscription identifier, the 
gateway group identifier, a user agent identifier, and a time stamp 
(Column 9, line 43 to Column 10, line 27; and Column 13, line 64 to 
Column 15, line 6). 
Regarding Claim 11, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses that determining at 
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least one device signature further comprises if the second level of 
trust is determined, determining a second tier device signature 
based, in part, on a hash of at least one of a cookie, the gateway 
group identifier, a user agent identifier, and a time stamp (Column 

9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 

Regarding Claim 12, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses that determining at 
least one device signature further comprises if the third level of trust 
is determined, determining a third tier device signature based, in 
part, on a hash of at least one of the gateway group identifier, a 
user agent identifier, a server identifier, a process identifier, a 
random number, and a time stamp (Column 9, line 43 to Column 

10, line 27; and Column 13, line 64 to Column 15, line 6). 
Regarding Claim 14, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses that determining at 
least one device signature further comprises employing a hash 
function selected from at least one of a message digest, SHA, DES, 
3DES, HAVAL, RIPEMD, and Tiger hash function (Column 4, lines 
58-62). 
Regarding Claim 15, 
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Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses expiring the at least 
one device signature based, in part, on a predetermined period of 
time associated with each of the at least one device signature 
(Column 9, line 43 to Column 10, line 27). 
Regarding Claim 26, 

Aura discloses a server for managing a communication with 
a mobile device over a network comprising: 

A transceiver for receiving a request from the mobile device 
and for sending at least one device signature to the mobile device 
(Column 5, line 58 to Column 6, line 13; and Column 7, line 42 to 
Column 8, line 23); and 

A transcoder that is configured to perform actions including: 

Receiving the request from the mobile device, wherein the 
request includes associated information (Column 5, line 58 to 
Column 6, line 13; and Column 7, line 42 to Column 8, line 23); 

Receiving a gateway group identifier for a carrier gateway 
(Column 4, lines 32-65; Column 9, line 43 to Column 10, line 27; 
and Column 13, line 64 to Column 15, line 6); 

Automatically determining at least one level of trust from a 
plurality of different levels of trust based, in part, on the associated 
information (Column 5, line 58 to Column 6, line 13; and Column 7, 
line 42 to Column 8, line 23) and further based on: 
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If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 

If the mobile device is enabled to access the Internet, then 
determining at least a third level of trust associated with the mobile 
device (Column 3, line 31 to Column 4, line 1 1 ; Column 7, line 42 to 
Column 8, line 23; and Column 9, lines 4-19); and 

Determining the at least one device signature for the mobile 
device based on the at least one level of trust of the plurality of 
different trust levels, wherein the at least one device signature is 
independent of user authentication (Column 7, line 42 to Column 8, 
line 23; and Column 9, line 43 to Column 10, line 27); 

But does not explicitly disclose if the mobile device is 
enabled to accept a cookie, then determining at least a second 
level of trust associated with the mobile device; if the mobile device 
is enabled to interact with a URL, then determining at least a third 
level of trust associated with the mobile device; receiving the 
gateway group identifier from the carrier gateway, and determining 
if the carrier gateway is trustable. 

Jamtgaard, however, discloses if the mobile device is 
enabled to accept a cookie, then determining at least a second 
level of trust associated with the mobile device; and determining 
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that the mobile device is enabled to interact with a URL, then 
determining at least a third level of trust associated with the mobile 
device (Column 5, lines 27-53; Column 8, line 4 to Column 9, line 
22; and Column 14, lines 4-20). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to 
incorporate the capability determination and translation system of 
Jamtgaard into the mobile authentication system of Aura in order to 
allow the system to determine device capabilities and to translate 
data accordingly so that the device can receive properly formatted 
data that the device can understand, while allowing capabilities that 
the device does not have to be run by a proxy system, thereby 
providing use of the capabilities even when the device itself cannot 
perform such capabilities. 

Buhle, however, discloses receiving, from a gateway 
associated with a request from a mobile device, a gateway group 
identifier for the gateway and determining levels of trust based on 
both a device ID and whether the gateway is determined to be 
trustable (Column 5, line 25 to Column 6, line 25; Column 6, lines 
61-67; and Column 8, lines 20-52). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the authentication and authorization system of Buhle 
into the mobile authentication system of Aura as modified by 
Jamtgaard in order to provide a highly dynamic system of roles and 
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permissions such that a device connecting directly to a data server 
will have one set of roles/permissions and when the device 
connects through certain middle-tier servers, the roles and 
permissions change based on each server through which the 
connection is made, thereby providing a high degree of security, 
auditing, and dynamic system behavior based upon how the user 
connects to the system. 
Regarding Claim 27, 

Aura as modified by Jamtgaard and Buhle discloses the 
server of claim 26, in addition, Aura discloses that the transcoder is 
configured to perform actions comprising receiving gateway 
information, wherein the gateway information is associated with a 
carrier gateway for the mobile device; and determining the at least 
one level of trust based, in part, on the associated information and 
the gateway information (Column 4, lines 32-65; Column 9, line 43 
to Column 10, line 27; and Column 13, line 64 to Column 15, line 
6). 

Regarding Claim 28, 

Aura as modified by Jamtgaard and Buhle discloses the 
server of claim 26, in addition, Aura discloses that determining the 
at least one device signature comprises if the first level of trust is 
determined, determining a first tier device signature based, in part, 
on a hash of at least one of a subscription identifier, the gateway 
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group identifier, a user agent identifier, and a time stamp (Column 
9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 
Regarding Claim 29, 

Aura as modified by Jamtgaard and Buhle discloses the 
server of claim 26, in addition, Aura discloses that determining the 
at least one device signature further comprises if the second level 
of trust is determined, determining a second tier device signature 
based, in part, on a hash of at least one of a cookie, the gateway 
group identifier, a user agent identifier, and a time stamp (Column 

9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 

Regarding Claim 30, 

Aura as modified by Jamtgaard and Buhle discloses the 
server of claim 26, in addition, Aura discloses that determining the 
at least one device signature further comprises if the third level of 
trust is determined, determining a third tier device signature based, 
in part, on a hash of at least one of the gateway group identifier, a 
user agent identifier, a server identifier, a process identifier, a 
random number, and a time stamp (Column 9, line 43 to Column 

10, line 27; and Column 13, line 64 to Column 15, line 6). 
Regarding Claim 32, 
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Aura as modified by Jamtgaard and Buhle discloses the 
server of claim 26, in addition, Aura discloses that determining the 
at least one level of trust further comprises determining the second 
level of trust based at least one of the gateway identifier, and a user 
agent (Column 9, line 43 to Column 10, line 27; and Column 13, 
line 64 to Column 15, line 6). 
Regarding Claim 35, 

Aura discloses a system for managing a communication with 
a mobile device over a network comprising: 

The mobile device configured to provide information 
associated with the mobile device (Column 5, line 58 to Column 6, 
line 13; and Column 7, line 42 to Column 8, line 23); and 

A server, coupled to a carrier gateway, that is configured to 
receive the associated information and to perform actions (Column 
4, lines 32-65; Column 5, line 58 to Column 6, line 13; and Column 
7, line 42 to Column 8, line 23), including: 

Automatically determining at least two different levels of trust 
from a plurality of different levels of trust based, in part, on the 
associated information (Column 5, line 58 to Column 6, line 13; and 
Column 7, line 42 to Column 8, line 23), wherein the at least two 
different levels of trust are based on: 

If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
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trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 
and 

Determining another level of trust associated with the mobile 
device (Column 5, line 58 to Column 6, line 13; and Column 7, line 
42 to Column 8, line 23); and 

Initially determining at least two different device signatures 
for the mobile device each of the two device signatures being 
based on a different one of the at least two different levels of trust, 
wherein the at least two device signatures are each determined 
independent of user authentication (Column 5, line 58 to Column 6, 
line 13; and Column 7, line 42 to Column 8, line 23); 

But may not explicitly disclose determining if the mobile 
device is enabled with a defined operational capability, and 
determining if a gateway group identifier associated with a carrier 
gateway is trustable. 

Jamtgaard, however, discloses determining if the mobile 
device is enabled with a defined operational capability and if the 
mobile device is so enabled, then determining another level of trust 
associated with the mobile device (Column 5, lines 27-53; Column 
8, line 4 to Column 9, line 22; and Column 14, lines 4-20). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the capability determination and 
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translation system of Jamtgaard into the mobile authentication 
system of Aura in order to allow the system to determine device 
capabilities and to translate data accordingly so that the device can 
receive properly formatted data that the device can understand, 
while allowing capabilities that the device does not have to be run 
by a proxy system, thereby providing use of the capabilities even 
when the device itself cannot perform such capabilities. 

Buhle, however, discloses determining levels of trust based 
on both a device ID and whether a gateway group identifier 
associated with a carrier gateway is determined to be trustable 
(Column 5, line 25 to Column 6, line 25; Column 6, lines 61-67; and 
Column 8, lines 20-52). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to 
incorporate the authentication and authorization system of Buhle 
into the mobile authentication system of Aura as modified by 
Jamtgaard in order to provide a highly dynamic system of roles and 
permissions such that a device connecting directly to a data server 
will have one set of roles/permissions and when the device 
connects through certain middle-tier servers, the roles and 
permissions change based on each server through which the 
connection is made, thereby providing a high degree of security, 
auditing, and dynamic system behavior based upon how the user 
connects to the system. 
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Regarding Claim 36, 

Aura as modified by Jamtgaard and Buhle discloses the 
system of claim 35, in addition, Aura discloses that determining the 
at least two device signatures further comprises determining a tier 1 
device signature based, in part, on a hash of at least one of a 
subscription identifier, the gateway group identifier, a user agent 
identifier, and a time stamp (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6). 

Regarding Claim 37, 

Aura as modified by Jamtgaard and Buhle discloses the 
system of claim 35, in addition, Aura discloses that determining the 
at least two device signatures further comprises determining a tier 2 
device signature based, in part, on a hash of at least one of a 
cookie, the gateway group identifier, a user agent identifier, and a 
time stamp (Column 9, line 43 to Column 10, line 27; and Column 
13, line 64 to Column 15, line 6). 

Regarding Claim 38, 

Aura as modified by Jamtgaard and Buhle discloses the 
system of claim 35, in addition, Aura discloses that determining the 
at least two device signatures further comprises determining a tier 3 
device signature based, in part, on a hash of at least one of the 
gateway group identifier, a user agent identifier, a server identifier, 
a process identifier, a random number, and a time stamp (Column 
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9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 
Regarding Claim 40, 

Aura as modified by Jamtgaard and Buhle discloses the 
system of claim 35, in addition, Aura discloses the carrier gateway, 
coupled to the mobile device, that is configured to receive the 
associated information, and provide the associated information and 
gateway information related to the carrier gateway (Column 4, lines 
32-65; and Column 13, line 64 to Column 15, line 6); and Buhle 
discloses that the gateway is coupled to the mobile device and is 
configured to receive associated information and provide the 
associated information and gateway information, including the 
gateway group identifier, related to the gateway (Column 5, line 25 
to Column 6, line 25; Column 6, lines 61-67; and Column 8, lines 
20-52). 
Regarding Claim 41, 

Aura discloses a computer readable storage medium for 
communicating with a mobile device, the computer readable 
storage medium having computer executable instructions stored 
thereon that when installed into a computing device enable the 
computing device to perform actions, comprising: 

Receiving a request from the mobile device, wherein the 
request includes associated information (Column 5, line 58 to 
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Column 6, line 13; and Column 7, line 42 to Column 8, line 23) and 
further receiving a gateway group identifier for a carrier gateway 
that is associated with the mobile device request (Column 4, lines 
32-65; Column 9, line 43 to Column 10, line 27; and Column 13, 
line 64 to Column 15, line 6); 

Sending at least one device signature to the mobile device 
based on at least one level of trust determined from a plurality of 
different levels of trust that is determined, in part, using the 
associated information (Column 7, line 42 to Column 8, line 23; and 
Column 9, line 43 to Column 10, line 27), wherein the at least one 
level of trust is based on: 

If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 
and 

Determining another level of trust associated with the mobile 
device, and wherein the at least one device signature is determined 
independent of user authentication (Column 5, line 58 to Column 6, 
line 13; and Column 7, line 42 to Column 8, line 23); 

But may not explicitly disclose determining if the mobile 
device is enabled with a defined operational capability and 
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determining if the gateway is trustable based on the gateway group 
identifier above a threshold. 

Jamtgaard, however, discloses determining if the mobile 
device is enabled with a defined operational capability and if the 
mobile device is so enabled, then determining another level of trust 
associated with the mobile device (Column 5, lines 27-53; Column 
8, line 4 to Column 9, line 22; and Column 14, lines 4-20). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the capability determination and 
translation system of Jamtgaard into the mobile authentication 
system of Aura in order to allow the system to determine device 
capabilities and to translate data accordingly so that the device can 
receive properly formatted data that the device can understand, 
while allowing capabilities that the device does not have to be run 
by a proxy system, thereby providing use of the capabilities even 
when the device itself cannot perform such capabilities. 

Buhle, however, discloses receiving a gateway group 
identifier for a gateway that is associated with the mobile device 
request; using the gateway group identifier to determine if the 
gateway is trustable above a threshold; and determining levels of 
trust based on both a device ID and whether the gateway is 
trustable above a defined level (Column 5, line 25 to Column 6, line 
25; Column 6, lines 61-67; and Column 8, lines 20-52). It would 
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have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the authentication and 
authorization system of Buhle into the mobile authentication system 
of Aura as modified by Jamtgaard in order to provide a highly 
dynamic system of roles and permissions such that a device 
connecting directly to a data server will have one set of 
roles/permissions and when the device connects through certain 
middle-tier servers, the roles and permissions change based on 
each server through which the connection is made, thereby 
providing a high degree of security, auditing, and dynamic system 
behavior based upon how the user connects to the system. 

Regarding Claim 42, 

Aura as modified by Jamtgaard and Buhle discloses the 
computer readable storage medium of claim 41 , in addition, Aura 
discloses that determining the at least one device signature further 
comprises if the first level of trust is determined, determining a first 
tier device signature based, in part, on a hash of at least one of a 
subscription identifier, the gateway group identifier, a user agent 
identifier, and a time stamp (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6). 

Regarding Claim 43, 

Aura as modified by Jamtgaard and Buhle discloses the 
computer readable storage medium of claim 41 , in addition, Aura 
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discloses that determining the at least one device signature further 
comprises if the other level of trust is determined, determining 
another device signature based, in part, on a hash of at least one of 
a cookie, the gateway group identifier, a user agent identifier, and a 
time stamp (Column 9, line 43 to Column 10, line 27; and Column 
13, line 64 to Column 15, line 6). 
Regarding Claim 44, 

Aura as modified by Jamtgaard and Buhle discloses the 
computer readable storage medium of claim 41 , in addition, Aura 
discloses that determining the at least one device signature further 
comprises if the other level of trust is determined, determining 
another device signature based, in part, on a hash of at least one of 
the gateway group identifier, a user agent identifier, a server 
identifier, a process identifier, a random number, and a time 
(Column 9, line 43 to Column 10, line 27; and Column 13, line 64 to 
Column 15, line 6) 
Regarding Claim 45, 

Aura discloses an apparatus for communicating with a 
mobile device comprising: 

A means for receiving a request from a mobile device, 
wherein the request includes associated information (Column 5, 
line 58 to Column 6, line 13; and Column 7, line 42 to Column 8, 
line 23); 
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Means for receiving a gateway group identifier associated 
with a carrier gateway for the request from the mobile device 
(Column 4, lines 32-65; Column 9, line 43 to Column 10, line 27; 
and Column 13, line 64 to Column 15, line 6); 

A means for automatically determining a plurality of different 
levels of trust based, in part, on the associated information (Column 
5, line 58 to Column 6, line 13; and Column 7, line 42 to Column 8, 
line 23); and 

A means for determining a plurality of different device 
signatures for the mobile deice based, in part, on the determined 
plurality of different levels of trust, and independent of user 
authentication (Column 7, line 42 to Column 8, line 23; and Column 
9, line 43 to Column 10, line 27); 

But may not explicitly disclose that the associated 
information indicates a capability of the mobile device, that at least 
one of the different levels of trust is based on an operational 
capability of the mobile device, and determining if the gateway is 
trustable above a threshold. 

Jamtgaard, however, discloses that the associated 
information indicates a capability of the mobile device and that at 
least one of the different levels of trust is based on an operational 
capability of the mobile device (Column 5, lines 27-53; Column 8, 
line 4 to Column 9, line 22; and Column 14, lines 4-20). It would 
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have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the capability determination and 
translation system of Jamtgaard into the mobile authentication 
system of Aura in order to allow the system to determine device 
capabilities and to translate data accordingly so that the device can 
receive properly formatted data that the device can understand, 
while allowing capabilities that the device does not have to be run 
by a proxy system, thereby providing use of the capabilities even 
when the device itself cannot perform such capabilities. 

Buhle, however, discloses means for receiving a gateway 
group identifier associated with a carrier gateway for the request 
from the mobile device; using the gateway group identifier to 
determine if the gateway is trustable above a threshold; and 
determining levels of trust based on both a device ID and whether 
the gateway is trustable above a threshold based on the gateway 
group identifier (Column 5, line 25 to Column 6, line 25; Column 6, 
lines 61-67; and Column 8, lines 20-52). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the authentication and authorization system 
of Buhle into the mobile authentication system of Aura as modified 
by Jamtgaard in order to provide a highly dynamic system of roles 
and permissions such that a device connecting directly to a data 
server will have one set of roles/permissions and when the device 
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connects through certain middle-tier servers, the roles and 
permissions change based on each server through which the 
connection is made, thereby providing a high degree of security, 
auditing, and dynamic system behavior based upon how the user 
connects to the system. 

3. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Aura in view of Jamtgaard and Buhle, further in view of Bryson (U.S. Patent 
Application Publication 2004/0185777). 

Aura as modified by Jamtgaard and Buhle does not explicitly 
disclose that the gateway group identifier is obtained from a header of a 
network packet associated with the carrier gateway. 

Bryson, however, discloses that the gateway group identifier is 
obtained from a header of a network packet associated with the carrier 
gateway (Paragraph 91 ). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the 
portable wireless gateway system of Bryson into the mobile authentication 
system of Aura as modified by Jamtgaard and Buhle in order to allow 
devices of a wide variety of communication protocols to connect to and 
use the system, while allowing for moving access points such that users 
can spontaneously provision connectivity in many locations such as 
planes, trains, ships, and buses without having to preplan for their 
connectivity needs. 
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4. Claims 5, 18, 20-22, and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aura in view of Jamtgaard and Buhle, further in view of Wilf 
(U.S. Patent 6,496,824). 
Regarding Claim 5, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1 , in addition, Aura discloses automatically 
determining a second device signature based on a second level of 
trust, wherein the second device signature comprises a hash of at 
least a gateway group identifier (Column 9, line 43 to Column 10, 
line 27; and Column 13, line 64 to Column 15, line 6); but does not 
explicitly disclose that the signature hash also comprises a cookie 
and a user agent identifier obtainable from the associated 
information. 

Wilf, however, discloses that the signature hash also 
comprises at least a cookie and a user agent identifier obtainable 
from the associated information (Column 4, lines 5-35). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the session management 
techniques of Wilf into the mobile authentication system of Aura as 
modified by Jamtgaard and Buhle in order to provide a stronger 
signature, based upon more client and/or gateway specific 
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information, thus increasing security of the signature and making it 
harder to forge. 
Regarding Claim 18, 

Aura discloses a client adapted for a mobile device to 
communicate with a server over a network, the client being 
configured to perform actions comprising: 

Sending a request to the server for content, wherein the 
request includes an identifier associated with the device (Column 5, 
line 58 to Column 6, line 13; Column 7, line 42 to Column 8, line 23; 
and Column 13, line 64 to Column 15, line 6); and wherein the 
server also receives a gateway group identifier associated with a 
carrier gateway (Column 4, lines 32-65; Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 

Receiving at least one device signature associated with the 
mobile device, wherein the at least one device signature is based 
on at least one level of trust determined from a plurality of different 
trust levels, and is independent of user authentication (Column 5, 
line 58 to Column 6, line 13; and Column 7, line 42 to Column 8, 
line 23), the at least one level of trust being determined based on: 

Determining at least a default level of trust (Column 3, line 
31 to Column 4, line 1 1 ; Column 7, line 42 to Column 8, line 23; 
and Column 9, lines 4-19); 
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If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 
and 

If the mobile device is enabled to access the Internet, then 
determining at least a third level of trust associated with the mobile 
device (Column 3, line 31 to Column 4, line 1 1 ; Column 7, line 42 to 
Column 8, line 23; and Column 9, lines 4-19); and 

But may not explicitly disclose if the mobile device is enabled 
to accept a cookie, then determining at least a second level of trust 
associated with the mobile device, if the mobile device is enabled to 
interact with a URL, then determining at least a third level of trust 
associated with the mobile device; that the identifier associated with 
the device comprises an identifier associated with a user agent, 
and determining if the gateway is trustable based on the gateway 
group identifier. 

Jamtgaard, however, discloses if the mobile device is 
enabled to accept a cookie, then determining at least a second 
level of trust associated with the mobile device; and determining 
that the mobile device is enabled to interact with a URL, then 
determining at least a third level of trust associated with the mobile 
device (Column 5, lines 27-53; Column 8, line 4 to Column 9, line 
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22; and Column 14, lines 4-20). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to 
incorporate the capability determination and translation system of 
Jamtgaard into the mobile authentication system of Aura in order to 
allow the system to determine device capabilities and to translate 
data accordingly so that the device can receive properly formatted 
data that the device can understand, while allowing capabilities that 
the device does not have to be run by a proxy system, thereby 
providing use of the capabilities even when the device itself cannot 
perform such capabilities. 

Buhle, however, discloses that a gateway associated with 
the request further provides a gateway group identifier; determining 
if the gateway is trustable based on the gateway group identifier;; 
and determining levels of trust based on both a device ID and 
whether the gateway is trustable (Column 5, line 25 to Column 6, 
line 25; Column 6, lines 61-67; and Column 8, lines 20-52). It 
would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the authentication and 
authorization system of Buhle into the mobile authentication system 
of Aura as modified by Jamtgaard in order to provide a highly 
dynamic system of roles and permissions such that a device 
connecting directly to a data server will have one set of 
roles/permissions and when the device connects through certain 
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middle-tier servers, the roles and permissions change based on 
each server through which the connection is made, thereby 
providing a high degree of security, auditing, and dynamic system 
behavior based upon how the user connects to the system. 

Wilf, however, discloses that the identifier associated with 
the device comprises an identifier associated with a user agent 
(Column 4, lines 5-35). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to 
incorporate the session management techniques of Wilf into the 
mobile authentication system of Aura as modified by Jamtgaard 
and Buhle in order to provide a stronger signature, based upon 
more client and/or gateway specific information, thus increasing 
security of the signature and making it harder to forge. 

Regarding Claim 20, 

Aura as modified by Jamtgaard, Buhle, and Wilf discloses 
the client of claim 18, in addition, Aura discloses that receiving the 
at least one device signature further comprises if the at least one 
device signature is based on the first level of trust, receiving a first 
tier device signature based, in part, on a hash of at least one of a 
subscription identifier, the gateway group identifier, the user agent 
identifier, and a time stamp (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6). 

Regarding Claim 21, 
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Aura as modified by Jamtgaard, Buhle, and Wilf discloses 
the client of claim 18, in addition, Aura discloses that receiving the 
at least one device signature further comprises if the at least one 
device signature is based on the second level of trust, receiving a 
second tier device signature based, in part, on a hash of at least 
one of a cookie, the gateway group identifier, the user gent 
identifier, and a time stamp (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6). 
Regarding Claim 22, 

Aura as modified by Jamtgaard, Buhle, and Wilf discloses 
the client of claim 18, in addition, Aura discloses that receiving the 
at least one device signature further comprises if the at least one 
device signature is based on the third level of trust, receiving a third 
tier device signature based, in part, on a hash of at least one of the 
gateway group identifier, a user agent identifier, a server identifier, 
a process identifier, a random number, and a time stamp (Column 
9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 
Regarding Claim 24, 

Aura as modified by Jamtgaard, Buhle, and Wilf discloses 
the client of claim 18, in addition, Jamtgaard discloses that 
receiving the at least one device signature further comprises, if the 
request indicates the mobile device is enabled to accept a cookie, 
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associating the cookie with the at least one device signature 
(Column 5, lines 27-53; and Column 8, line 4 to Column 9, line 22); 
and Wilf discloses associating the cookie with the at least one 
device signature (Column 4, lines 5-35). 



5. Claims 6, 7, 16, 17, 31, and 34 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Aura in view of Jamtgaard and Buhle, further in view of 
Laraki (U.S. Patent Application Publication 2003/0233329). 
Regarding Claim 6, 

Aura as modified by Jamtgaard and Buhle does not explicitly 
disclose that the associated information further comprises a 
subscription identifier associated with the mobile device that is 
based on at least one of a MIN, ESN, and application serial 
number. 

Laraki, however, discloses that the associated information 
further comprises a subscription identifier associated with the 
mobile device that is based on at least one of a MIN, ESN, and 
application serial number (Paragraph 53). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the mobile subscription services of Laraki 
into the mobile authentication system of Aura as modified by 
Jamtgaard and Buhle in order to efficiently provide mobile users 
with access to content based upon subscriptions and affiliations in 
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which a user will not be charged twice for content that was 
previously paid for, but could not be downloaded prior to expiration 
of the subscription and is downloaded after expiration, thus 
improving reliability of the system. 
Regarding Claim 7, 

Aura as modified by Jamtgaard and Buhle discloses the 
method of claim 1, in addition, Aura discloses determining the level 
of trust of the mobile device identifier and trusting the mobile device 
if the identifier is so trusted (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6); and Buhle 
discloses determining a level of trust of the carrier gateway 
associated with the mobile device based on a received device 
identifier and the gateway group identifier (Column 5, line 25 to 
Column 6, line 25; Column 6, lines 61-67; and Column 8, lines 20- 
52); 

But may not explicitly disclose using a received subscription 
identifier in the determining of a level of trust, trusting the mobile 
device identifier based on such carrier trust, and inhibiting the 
determination of a level of trust associated with the device if the 
mobile device identifier is not trusted in this manner. 

Laraki, however, discloses determining a level of trust of a 
carrier associated with the mobile device based on at least one of a 
received subscription identifier and a gateway group identifier, 
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trusting the mobile device identifier based on such carrier trust, and 
inhibiting the determination of a level of trust associated with the 
device if the mobile device identifier is not trusted in this manner 
(Paragraphs 33-37 and 46-72). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to 
incorporate the mobile subscription services of Laraki into the 
mobile authentication system of Aura as modified by Jamtgaard 
and Buhle in order to efficiently provide mobile users with access to 
content based upon subscriptions and affiliations in which a user 
will not be charged twice for content that was previously paid for, 
but could not be downloaded prior to expiration of the subscription 
and is downloaded after expiration, thus improving reliability of the 
system. 
Regarding Claim 16, 

Aura as modified by Jamtgaard and Buhle does not explicitly 
disclose if the at least one device signature has expired, 
determining if the expired device signature is to be rolled over, and 
if the expired device signature is to be rolled over, extending a 
validity period associated with the expired device signature. 

Laraki, however, discloses if the at least one device 
signature has expired, determining if the expired device signature is 
to be rolled over, and if the expired device signature is to be rolled 
over, extending a validity period associated with the expired device 
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signature (Paragraphs 45 and 66). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the mobile subscription services of Laraki into the 
mobile authentication system of Aura as modified by Jamtgaard 
and Buhle in order to efficiently provide mobile users with access to 
content based upon subscriptions and affiliations in which a user 
will not be charged twice for content that was previously paid for, 
but could not be downloaded prior to expiration of the subscription 
and is downloaded after expiration, thus improving reliability of the 
system. 

Regarding Claim 17, 

Aura as modified by Jamtgaard, Buhle, and Laraki discloses 
the method of claim 16, in addition, Laraki discloses that 
determining if the expired device signature is to be rolled over 
further comprises evaluating at least one of a condition, event, 
change in an identifier indicating a grouping of the gateway, and a 
time (Paragraphs 45 and 66). 

Regarding Claim 31, 

Aura as modified by Jamtgaard and Buhle discloses the 
server of claim 26, in addition, Aura discloses that determining the 
at least one level of trust further comprises determining the first 
level of trust based at least one of a gateway group identifier, a 
subscription identifier, a user agent, and a security level associated 
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with the request from the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 

But may not explicitly disclose using such information to 
determine if the mobile device identifier is trusted. 

Laraki, however, discloses using such information to 
determine if the mobile device identifier is trusted (Paragraphs 33- 
37 and 46-72). It would have been obvious to one of ordinary skill 
in the art at the time of applicant's invention to incorporate the 
mobile subscription services of Laraki into the mobile authentication 
system of Aura as modified by Jamtgaard and Buhle in order to 
efficiently provide mobile users with access to content based upon 
subscriptions and affiliations in which a user will not be charged 
twice for content that was previously paid for, but could not be 
downloaded prior to expiration of the subscription and is 
downloaded after expiration, thus improving reliability of the 
system. 
Regarding Claim 34, 

Aura as modified by Jamtgaard and Buhle discloses the 
server of claim 26, in addition, Aura discloses determining if at least 
one device signature has expired (Column 13, line 64 to Column 
15, line 6); but does not explicitly disclose extending a validity 
period associated with the expired device signature is the expired 
device signature is to be rolled over. 
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Laraki, however, discloses determining if at least one device 
signature has expired and extending a validity period associated 
with the expired device signature is the expired device signature is 
to be rolled over (Paragraphs 45 and 66). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the mobile subscription services of Laraki 
into the mobile authentication system of Aura as modified by 
Jamtgaard and Buhle in order to efficiently provide mobile users 
with access to content based upon subscriptions and affiliations in 
which a user will not be charged twice for content that was 
previously paid for, but could not be downloaded prior to expiration 
of the subscription and is downloaded after expiration, thus 
improving reliability of the system. 

6. Claims 13 and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aura in view of Jamtgaard and Buhle, further in view of 
Kindberg (U.S. Patent Application Publication 2003/0061515). 
Regarding Claim 13, 

Aura as modified by Jamtgaard and Buhle does not explicitly 
disclose including a device signature in a munged URL. 

Kindberg, however, discloses including a device signature in 
a munged URL (Paragraphs 39 and 43-50). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
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invention to incorporate the capability-enabled URL of Kindberg into 
the mobile authentication system of Aura as modified by Jamtgaard 
and Buhle in order to provide a simple mechanism by which a client 
can prove authorized access to resources via use of a modified 
URL including a signature corresponding to a particular capability. 
Regarding Claim 39, 

Aura as modified by Jamtgaard and Buhle does not explicitly 
disclose providing a signature to the mobile device through a 
munged URL. 

Kindberg, however, discloses providing a signature to the 
mobile device through a munged URL (Paragraphs 39 and 43-50). 
It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the capability-enabled 
URL of Kindberg into the mobile authentication system of Aura as 
modified by Jamtgaard and Buhle in order to provide a simple 
mechanism by which a client can prove authorized access to 
resources via use of a modified URL including a signature 
corresponding to a particular capability. 

7. Claims 19 and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aura in view of Jamtgaard, Buhle, and Wilf, further in view of 
Laraki. 

Regarding Claim 19, 
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Aura as modified by Jamtgaard, Buhle, and Wilf does not 
explicitly disclose providing the mobile device identifier based on at 
least one of a MIN, an ESN, and an application serial number. 

Laraki, however, discloses providing the mobile device 
identifier based on at least one of a MIN, an ESN, and an 
application serial number (Paragraph 53). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the mobile subscription services of Laraki 
into the mobile authentication system of Aura as modified by 
Jamtgaard, Buhle, and Wilf in order to efficiently provide mobile 
users with access to content based upon subscriptions and 
affiliations in which a user will not be charged twice for content that 
was previously paid for, but could not be downloaded prior to 
expiration of the subscription and is downloaded after expiration, 
thus improving reliability of the system. 
Regarding Claim 23, 

Aura as modified by Jamtgaard, Buhle, and Wilf discloses 
the client of claim 18, in addition, Aura discloses data in the form of 
at least one device signature (Column 5, line 58 to Column 6, line 
13; and Column 7, line 42 to Column 8, line 23); but may not 
explicitly disclose that sending the request further comprises 
sending the request to a carrier gateway, wherein the carrier 
gateway is configured to perform actions comprising: modifying the 
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request to include at least one of a subscription identifier 
associated with the mobile device and a gateway identifier; 
forwarding the modified request to the server; receiving data from 
the server; and forwarding the data to the mobile device. 

Laraki, however, discloses that sending the request further 
comprises sending the request to a carrier gateway, wherein the 
carrier gateway is configured to perform actions comprising: 
modifying the request to include at least one of a subscription 
identifier associated with the mobile device and a gateway 
identifier; forwarding the modified request to the server; receiving 
data from the server; and forwarding the data to the mobile device 
(Paragraphs 33-37 and 46-48). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to 
incorporate the mobile subscription services of Laraki into the 
mobile authentication system of Aura as modified by Jamtgaard, 
Buhle, and Wilf in order to efficiently provide mobile users with 
access to content based upon subscriptions and affiliations in which 
a user will not be charged twice for content that was previously paid 
for, but could not be downloaded prior to expiration of the 
subscription and is downloaded after expiration, thus improving 
reliability of the system. 
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8. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Aura in view of Jamtgaard, Buhle, and Wilf, further in view of Kindberg. 

Aura as modified by Jamtgaard, Buhle, and Wilf does not explicitly 

disclose receiving a munged URL associated with at least one device 

signature. 

Kindberg, however, discloses receiving a munged URL associated 
with at least one device signature (Paragraphs 39 and 43-50). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the capability-enabled URL of 
Kindberg into the mobile authentication system of Aura as modified by 
Jamtgaard, Buhle, and Wilf in order to provide a simple mechanism by 
which a client can prove authorized access to resources via use of a 
modified URL including a signature corresponding to a particular 
capability. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
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action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to JEFFREY D. POPHAM whose telephone 
number is (571)272-7215. The examiner can normally be reached on M-F 9:00- 
5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Emmanuel Moise can be reached on (571)272-3865. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 
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/Jeffrey D Popham/ 
Examiner, Art Unit 2437 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 
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